Unknown · Cinnamon Kotaemon · CVE-2025-63914
**Name of the Vulnerable Software and Affected Versions**
Cinnamon kotaemon version 0.11.0
**Description**
The `_may_extract_zip` function in the `libs/ktem/ktem/index/file/ui.py` file does not validate the contents of uploaded ZIP files. Uploading a ZIP bomb could lead to excessive resource consumption during decompression. Extracted data from a successful attack may occupy disk space, potentially causing system unavailability. Users with file upload permissions can exploit this issue.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
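Until a fixed release is known, the missing validation can be applied wherever uploaded archives are unpacked. The sketch below is an added example, not kotaemon's code and not a vendor patch; `safe_extract_zip`, `UnsafeArchive`, `build_zip` and the limit values are assumptions chosen for illustration.

```python
import io
import zipfile
from pathlib import Path

# Assumed limits (not from the advisory); tune per deployment.
MAX_ENTRIES, MAX_TOTAL, MAX_RATIO, CHUNK = 1000, 200 * 2**20, 100, 64 * 1024

class UnsafeArchive(Exception):
    """Archive exceeds an extraction limit (hypothetical name)."""

def safe_extract_zip(src, dest_dir, max_entries=MAX_ENTRIES,
                     max_total=MAX_TOTAL, max_ratio=MAX_RATIO):
    """Extract src into dest_dir under the limits; return bytes written."""
    dest, written, created = Path(dest_dir).resolve(), 0, []
    try:
        with zipfile.ZipFile(src) as zf:
            infos = zf.infolist()
            if len(infos) > max_entries:
                raise UnsafeArchive(f"{len(infos)} entries exceeds {max_entries}")
            if sum(i.file_size for i in infos) > max_total:  # before decompressing
                raise UnsafeArchive("declared uncompressed size exceeds limit")
            for info in infos:
                if info.is_dir():
                    continue
                if info.file_size > max_ratio * max(info.compress_size, 1):
                    raise UnsafeArchive(f"{info.filename}: compression ratio too high")
                target = (dest / info.filename).resolve()
                if not target.is_relative_to(dest):  # keep output inside dest
                    raise UnsafeArchive(f"{info.filename}: path escapes destination")
                target.parent.mkdir(parents=True, exist_ok=True)
                created.append(target)
                with zf.open(info) as reader, open(target, "wb") as writer:
                    while chunk := reader.read(CHUNK):
                        written += len(chunk)  # count real output, not header fields
                        if written > max_total:
                            raise UnsafeArchive("output exceeded limit while extracting")
                        writer.write(chunk)
    except Exception:
        for path in created:  # leave no partial output on disk
            path.unlink(missing_ok=True)
        raise
    return written

def build_zip(entries):
    """Constructed sample input: in-memory ZIP built from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return io.BytesIO(buf.getvalue())
```

A per-user upload quota and a size cap on the uploaded file itself complement these checks, since the limits above only bound a single extraction.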